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Construction of Arithmetic Secret Sharing 
Schemes by Using Torsion Limits 

Seher Tutdere * and Osmanbey Uzunkol ^ 


Abstract 

Recent results of Cascudo, Cramer, and Xing on the construction of 
arithmetic secret sharing schemes are improved by using some new bounds 
on the torsion limits of algebraic function fields. Furthermore, new bounds 
on the torsion limits of certain towers of function fields are given. 
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1 Introduction 

Secret sharing is a cryptographic mechanism allowing to distribute shares among 
different parties. This is achieved by a trusted dealer in such a way that only 
authorized subset of parties can determine the secret [3]. Unlike conventional 
cryptographic schemes, secret sharing schemes enable the user to eliminate the 
root of trust problem mm- Furthermore, secret sharing has plenty of pri¬ 
vacy preserving real-life applications ranging from access controls [50] , oblivous 
transfers |23] to biometric authentication schemes ca¬ 
lf the authorized subset has the cardinality larger than a predetermined lower 
bound, then secret sharing schemes have the property of threshold access struc¬ 
ture [S]. Moreover, a secret sharing scheme is called ideal if the shares have 
the same size as secrets |3]. Shamir’s secret sharing scheme is a classical exam¬ 
ple of an ideal secret sharing scheme having threshold access structure. Since 
the shares are computed and reconstructed by using only linear algebra [T5] . 
it is also an example of linear secret sharing schemes (LSSS). Ito et al. [TB] 
introduced secret sharing schemes for general access structures. Moreover, an 
LSSS can be constructed for any access structure m- However, the shares grow 
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exponentially in the number of parties, and the optimization of secret sharing 
schemes for arbitrary access structures is a difficult problem [3]. 

Chen and Cramer [6] introduced an LSSS defined over a finite field using 
algebraic-geometry codes (AG-codes). Unlike the general case, this scheme has 
the advantage that shares are much smaller than the number of parties since 
one uses algebraic curves with many rational points. Therefore, this achieves 
larger information rate by generalizing Shamir’s secret sharing scheme into an 
algebra-geometric setting. One inevitable disadvantage (due to the bounds on 
MDC 0) is that this scheme is an ideal ramp secret sharing scheme, i.e. a 
quasi-threshold scheme. In particular, one has the property that the scheme 
has t-rejecting and t -I- 1 -I- 2g-accepting structure, where g is the genus of the 
underlying maximal algebraic curve. 

Cascudo, Cramer, and Xing [3] introduced arithmetic secret sharing schemes 
which are special quasi-threshold F^-linear secret sharing schemes based on 
AG-codes. They can be used as the main algorithmic primitives in realizing 
information theoretically secure multi-party computation schemes (in particu¬ 
lar, communication-efficient two-party cryptography) and verifiable secret shar¬ 
ing schemes urn- More precisely, it is shown in [5] that asymptotically good 
arithmetic secret sharing schemes can be used to achieve constant-rate com¬ 
munication in secure two-party communication by removing logarithmic terms 
which appears if one instead uses Shamir’s secret sharing scheme m- As ar¬ 
gued in [4], these schemes can be also used as an important primitive in plenty 
of other useful applications in cryptography including zero-knowledge for circuit 
satisfiability m and efficient oblivous transfers [Ill- 

Constructing asymptotically good arithmetic secret sharing schemes is based on 
some special families of algebraic function fields. Besides the well-known notion 
of Ihara limits for constructing asymptotically good function field towers, the 
notion torsion limits for algebraic function fields is introduced in [4]. Geomet¬ 
rically, in order to construct arithmetic secret sharing schemes with asymptot¬ 
ically good properties, we need not only to have algebraic curves with many 
rational points but also to have jacobians (of corresponding algebraic curves) 
having comparably small d-torsion subgroups. On the algebraic side, the tor¬ 
sion limit for a function field tower with a given Ihara limit gives information on 
the size of d—torsion subgroups of the corresponding degree-zero divisor class 
groups. In [3], the authors give asymptotical results improving the classical 
bounds of Weil [55] on the size of torsion subgroups of abelian varieties over 
finite fields. For this purpose, the existence of solutions for certain Riemann- 
Roch systems of equations is investigated. The authors further give new bounds 
on the torsion limits of certain families of function fields. Consequently, they 
use these bounds in constructing asymptotically good arithmetic secret-sharing 
schemes by weakening the lower bound condition on the Ihara constant. 

In this work, we made some modifications and improvements on their results 
by using the bound on class number given by |I9] . Moreover, we estimated the 
torsion limit of an important class of towers of function fields introduced by 
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Bassa et al. depending on the Ihara limit given in [5] . For example for the case 
d > 2, these new bounds can easily be adapted to improve the communication 
complexity of zero knowledge protocols for multiplicative relations introduced 

in 0. 

In Section [5] we revisit the preliminaries about algebraic function fields together 
with algebraic-geometry codes and Riemann-Roch systems of equations. We 
further investigate the bounds on the torsion limits in Section [2j Then, we 
apply the result for the bounds on the torsion limits for function field towers 
in Section [31 In Section 0] new conditions for the construction of arithmetic 
schemes are investifated and the results are proven. We construct families of 
arithmetic secret sharing schemes with uniformity in Section [3] Moreover, we 
give examples yielding to infinite families of arithmetic secret sharing schemes 
in Section |5l Finally, Section [6] concludes the paper. 


2 Preliminaries 


Let F/¥g be a function field over the finite field with q elements, where q 
is a power of a prime number p. We denote by g := g{F) its genus, by Bi{F) 
its number of places of degree i for any f G N, and by P(F) its set of rational 
places. 


An asymptotically exact sequence of algebraic function fields F = Fij>o over a 
finite field F^ is a sequence of function fields such that for all m > I the following 
limit exists: 


/3m (-F) = lim 

i—^oo 


Bm{Fi) 


9i 


It is well-known that any tower of function fields over any finite field is an exact 
sequence, see for instance [IT] . 

We will use the following notations frequently: 


• An'. The number of effective divisors of degree n, for n > 1. 

• hi'. The class number of Fi/Fg for any family of function fields F = 

(Fi)i>i. 

• p(^)(F): The set of places of F/Fg having degree k gN. 

• log := In. 

• CI{F) := Div(F)/Prin(F): The divisor class group of F/Fg. 

• CIs{F) := {[£)] : degF = s}, where [D] G CI{F) stands for the divisor 
class containing D. 

• Div°(F): The group of divisors of F with degree zero. 
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• Jp = Div°(F)/Prin(F): The zero divisor class group of F with cardinality 
\Jf \ = h(F), which is called the class number. 

• C{D, G)l ■ The image of the map (f) : C{G) —>■ F* x F^, 

/ (/(Qi), • • • /(Qfe), f{Pi), ■ ■ ■ f{Pn)), where £(G) is the Riemann-Roch 

space of G, fc, n G N, n > fc, G is a divisor of F, Qi, • • • , Pi, • • • G 

(P) are pairwise distinct F^-places with D = Qj + Sr=i Pi 
supp D n supp G = 0. 


For a positive integer r, let 


JF[r] ■.= {[D]€jF-.r-[D] = 0} 


be the r-torsion subgroup of Jp, where O denotes the identity element of Jp- 
For each family F = {P/Fg} of function fields with g{F) —>■ oo, the limit 

Jr{F) ;= liminf 

^ g{F) 

is called the r-torsion limit of the family P. Let a G M and ^ be the set of 
families {P} of function fields over Fg such that in each family genus tends to 
infinity and the Ihara limit 

B (F) 

A{F) = lim — \ —— > a for every P G 5^. 

^ ’ g(F)^oo g{F) - 


Then the asymptotic quantity Jr{q,a) is defined by 


Jr{q,a) ;= liminf Jr{F). 

Fed 

We note that we only consider the Ihara limit for function field families P for 
which this limit exists following the lines of [H Remark 2.1]. 

An (n, t, d, r)-arithmetic secret sharing scheme for Fg over Fg is an n-code G 
for Fg such that t>l,d>2,Gis t-disconnected, the d powering G*‘^ is an 
n-code for Fg, and G*'^ is r-reconstructing. For further details, the relation of 
these codes with G{D,G)l, and the concept of uniformity we refer to [U pp. 
3873-3875]. 

Firstly, we investigate the bounds on torsion limits in the following theorem by 
combining the bounds in Theorems 2.3 and 2.4 of [4]: 

Theorem 1. Let Fg be a finite field of characteristic p. For any integer r > 2, 
set Jr ■= Jr{q,A{q)). Write r as r = pW' for some I > 0 and a positive integer 
r' coprime to p. Let c := gcd(r', g — 1) and k := ■ 


(i) If r \ q and q is a square, then Jr < ./q+i 
(a) If r \ {q— 1), then Jr <2 logg r. 
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(in) If r \ {q — 1) and, q is non-square or c > , then Jr < log^ r. 

(iv) If r \ q, r \ {q — 1), q is a square, and c < p^, then 

Jr < -(y=^ + boggier'). 

Proof. We give a complete proof by comparing the results of [4] : 


(i) Applying m Theorem 2.4(ii)] with r = 
inequality 


Jr < 


I 


p^ and r' 
loggP. 


c = 1 we obtain the 


(ii) This assertion is a direct consequence of [U Theorems 2.3 and 2.4]. 

(hi) and (iv) When r f (g — 1), [H Theorem 2.3(ii)] yields to Jr < log^r. 
Furthermore, when g is a square, we obtain 


Jr < 


I 

\/Q + 1 


logqr, 


( 1 ) 


by 0 Theorem 2.3(iii)]. Using 0 Theorem 2.4(ii)], also the following 
inequality holds: 

Jr < _ , ^ logqP + logqicr'). (2) 

Hence, by inequalities o, (ED, and substituting the value r = p^r', we get 


A 


+ ^ 09 q{cr') - logg r 

^log,P + l<.g,c. 


Since A > 0 if and only if c > assertion (iv) follows. 


□ 

We remark that for Theorem [ID iv) with c < p^, 0 Theorem 2.4] gives a better 
upper bound on Jr than 0 Theorem 2.3]. 


Remark 1. It is well-known from Weil \26f that for any function field F/¥q 
with genus g one has j+j’M] < and hence Theorem\^ii) always holds. 

The following definition and theorems will be used in the subsequent sections: 
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Definition 1. Let u G N, rm G Z \ {0}, and Yi G Cl{F) for i = 

The Riemann-Roch system of equations in the indeterminate X is the system 
of equations 

{e{m,X + Yi) = 0}“=i (3) 

determined hy these data. A solution is some divisor elass [G] G Cl{F) satisfying 
all equations when substituted for X. 

Theorem 2. ^ Theorem 3.2] Consider the Riemann-Roch system (0)- For 
i = 1,... ,u and s G Z, let 

di := degYi and ri := misdi. 


If one has 

U 

h{F) >'^Ar,- \JF[mi]\, 
then the system m has a solution [G] G Cls{F). 

Theorem 3. ^ Theorem 4-11] Let t > 1, d > 2. Define I* := {1, ... ,n}. For 
% A <G I* define 

Pa-.= Y.P,GDiv{F). 

j&A 

Let further a canonical divisor K G Div{F) be given. If the system 

{£idX - D + Pa + Q) = OJiK - X + Pa + Q) = 0}Ac/MA|=i 

is solvable for X, then there is a solution G G Div{F) such that the algebraic- 
geometry code C = C(D,G)l is an {n,t,d,n — t)-arithmetic secret sharing 
scheme for F^' over with uniformity. 


3 Torsion-limits of towers 

We begin with an application of Theorem [T] when q is a square: 

Proposition 1. Suppose that q = p^ is a square (with k > 1 and p prime) and 
r = p^r' where gcd(r',p) = 1. We set c := gcd{r',q — 1) and k := ■ Then 

there exists a recursive tower of function fields T over Fg such that one has 

A{F) > ^-l-BFJr{F), 

where 

^log,r ifr\q 

B=\^ log, r if r \q butr \ {q-l) 

logqr ifr\q,r\{q-l),c>p'^ 

log^ p + log(cr') otherwise. 
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Proof. We know from m that there exists a recursive tower of function fields 
P over Fg with A{P) = ^ — 1. As g is a square, the proof follows easily from 
Theorem [T] 

□ 


We now need the following result of Bassa et al. [2] : 


Theorem 4. Theorem 1.2] Let n = 2m + 1 > 3 6e on integer and q = 
with a prime p. There exists a recursive tower of function fields T over such 


that 


A{P)> 


2(pm+l _ 

p + 1 + e 


where e = — -. 

pm _ I 


Next, the torsion limit of the tower given in Theorem |4] can be estimated by 
using the lower bound on the Ihara limit A{P)\ 

Proposition 2. Let n and q be given as in Theorem^ There exists a recursive 
tower of function fields P over F^ with the following properties: 

(i) If p is odd, then A[P) > A + J 2 {P), where 

^ - 1 ) 

p +1 + e p™ - 1 ^ ^ 

(ii) If p is even, then A{P) > A + \og^2 + J 2 {P), where A is given as in Eqn. 

m- 


The proof of Proposition [5] is obvious; it follows from Theorems [T] and HI and 
Remark [1] 


4 New conditions for the construction of arith¬ 
metic secret sharing schemes 


For an algebraic function field F/Wq with genus g, we set 


A:={i : — 1 and Bi > 1} with 5 := |A|, (5) 

fix an integer n > 0, and further set 

Un ■= {b = (6j)iGA ■ bi>0 and '^i ■ bi = n}. (6) 

iGA 

It is well-known that the number of effective divisors of degree n of an algebraic 
function field F/Vq is given as follows: 


A„= ^ 




n 

iGA 


Bi + bi — 1 
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see for instance [T]. By combining this formula for An with some results of [3] 
and the bound on class number given in m we obtained the following theorem. 

This improves the sufficient conditions on the existence of arithmetic secret 
sharing schemes with uniformity: 

Theorem 5. Let F/¥q be a function field of genus g, d,k,t,n G N with d > 2, 
n > I, and 1 < t < n. Let 1 < m < g — 1 be given such that > Bi for all i G 

Moreover, set f := L^J- Suppose that Qi, Q 2 ,... ,Qk, Pi, P 2 , ■■■, Pn G 
are pairwise distinct rational places and 


d^^ < H-29VP-P-1 

(VO 


(7) 


where 

q9-F{q-lf 

(9 + 1) ■ (5 + 1) 

and S is given as in Assume further that there exists an element s G Z such 
that 

2g — s + t + k — 2 = 1 and l<ds — n-\-t<g — 1. (8) 


Then there exists an (n, t,d,n — t)-arithmetie secret sharing scheme for over 
Fq with uniformity. 


Proof. We first note that | Jp [d] | < df^ by Remark [T] Let T be a subset of 
{1, 2,..., n} with t elements, and 

k n 

Pa-=Y,P^^ and :=Q + ^P, 

i^A i—1 i=l 

be divisors of F/¥q. Let itT be a canonical divisor of F/¥q. Consider the 
following system of Riemann-Roch equations: 

{t{dX-D + PAFQ) = 11,^{K-XPPA + Q)=H). (9) 

We apply Theorems [2] and [3] with 

ri = 2^ — s + t + fc — 2, r 2 = ds — n + t, mi = —1, m 2 = d, 

and an s G Z satisfying that := miS + di for i = 1,2. Hence, it is enough to 
show that 

h = h{F) > Ari ■ UF[mi]| + Ar^ ■ Uf’[to2]|- 

This guarantees that there exists a solution G G Div{F) of (0) with deg(G) = s. 
Again by Theorems [2] and [3l this solution yields to an AG-code C{G, D)l C 
Fg X Fg which is an (n, t,d,n — t)-arithmetic secret sharing scheme for F^ over 
Fq with uniformity. We now set 

■ {q + l){9 + iy 


8 





It follows from m that h > H. We set Uj := \Urj\, with Ur^ as in dH]), for 
j = 1, 2. Let m G A such that 



Note that ri = 1 implies = Ai = Bi. We obtain the following inequality 
by using the bound on given in [TJ Theorem 3.5]: 

A,, + Ar, • Jf [d] < i?i + n [d] I 

zGA ^ L i J / 

< + + -iMdW 

< Bi + 

< H. ( 11 ) 

Hence, Inequality (ITTll holds by the assumption Q due to Hasse-Weil bound 

[ 22 ]. □ 

Firstly, we give an estimatition for A„. Our aim is to estimate the cardinality 
of Un- We know that the partitions of a number n is correspond to the set of 
solutions (ji, j 2 , to the Diophantine equation 

Iji + 2 j 2 + 3j3 + ... + njn = n. 

For example, two distinct partitions of 4 can be given by (1,1,1,1), (1,1, 2) corre¬ 
sponding to the solutions (ji, j 2 , js, ji) = (4,0,0,0), (2,1,0,0), respectively. To 
compute \Un\, we need to find the number of partitions p{n, S) of n into at most 
6 partitions, where S = |A|. It follows from [121 p.9] that p{n,6) = ps{n + S), 
where ps(n -\- 6) is defined to be the number of partitions of n -I- d into exactly 5 
partitions. Each 8 parts must contain at least 1 item. Thus, it remains n which 
needs to be distribute into the 8 parts. It is enough to choose how many to 
put in the first <5—1 parts, since the number going into the last part is fixed. 
Hence, there are <5—1 choices, within the range [0, n]. This means we have n-|-1 
choices. Therefore, 

P5(n-I-d) < (n-I-(12) 

Theorem 6. Let F/¥q be a function field, d, k,t,n G N with d > 2, n > 1, and 
1 < t < n. Let 1 < m < g — 1, be such that Bm > Bi for all i G {1, 

1}. Suppose that Qi,Q 2 ,. ■., Qk,Pi,P 2 , ■■ ■ ,Pn G are pairwise distinct 

rational places and 

d^a < -^ 
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where 


(9 + 1) • (5 + 1) 

and 5 is given as in m- Assume further that there exists an s € 1, such that 

2g — s + t + k — 2 = 1 and ds — n + t > 1. 

Then there exists an {n,t^d,n — t)-arithmetic secret sharing scheme for over 
Fq with uniformity. 


Proof. The proof is similar to that of Theorem [SJ The main difference is that 
instead of (refmax) we the bound (ITT)) for binomial coefficients. Note that hi <n 
for all i G A. By applying induction on n the following inequality can be proven: 


Pjn An 1 
n 


< 


Pm An 1 
Bm-1 
e ■ {Bm + n-l) 


(14) 


n 


Hence, by using m with n = r 2 and (fTTll and definition of An, we obtain that 


Ar,-Md] < Sl + E n 


bGf/r, JGA 


Bi + hi — 1 
B,-l 


< Bi+ 

b^Uf2 

< Hi + (n + 1 ) 


Bm+n -I 
Bn, - 1 


|J>[d]| 


\JF[d\\ 


s-i { Bm -\- n — 1 


= Hi + 
= Hi + 

< H. 


Bm-l 

n + 1 

((„+l)e(l + 

n + 1 




d?3 


This inequality holds by Assumption ()T3|) . 


□ 


5 Construction of families of schemes with uni¬ 
formity 

We now consider exact sequences of function fields over finite fields. The suffi¬ 
cient conditions on the existence of families of arithmetic secret sharing schemes 
with uniformity [H Theorems 4.15 and 4.16] can be given by imposing certain 
conditions on the sequences of J" = {Ti/Fq}i>i of function fields. We first need 
the following results: 
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Proposition 3. ^31 Corollary 2] Let T = {Fi}i>o be an exact sequence of 
funetion fields over a finite field . Then the following limit exists: 

A(^) := Ito 

2^00 

Theorem 7. \25\. Theorem 6] The following limit exists for an asymptotically 
exact family of function fields T over any finite field F^; 

A(m) := lim —, 

2—>-oo gj^ 

where Ui := and fi G Moreover, for 

■= m_l M > Mo (15) 

m— 1 ^ 

we have 

A(^) = h{T) - (1 - ^) • logg. 

The main result concerning exact sequences of function fields and good artih- 
metic secret sharing schemes is given with the following theorem. 

Theorem 8. Let d > 2 be a positive integer and T = {Fi}i>o be an asymp¬ 
totically exact family of funetion fields over F^. Let further fi be given as in 
Condition m- For any ni,ki G N, with i > 0, suppose that the following 
assertions hold: 

(i) Jd{F) < (1 - p)\ogq, 

(a) Bi{Fi) >ni-Gki. 

Then there exist ti G N depending on Ui satisfying 1 < ti < Ui, and an infinite 
family of {{ni,ti,d,ni — ti)}i>o arithmetic secret sharing schemes for F^’ over 
Fq with uniformity. 

Proof. For a fixed z > 0 let 

Qi.2: • ■ • ; Qi.k, F^ i, Pi,2, • ■ • , 

be distinct rational places of Fi/Fg. For simplicity we write k := ki, n := Ui, 
and t := ti. Assume that / = {1, 2, ■ • ■ ^i} and AC I with \A\ = t. Define 

k 

Pi,A '■= ^ Pi,o G Div{Fi) and Qi := ^ Q^,j G Div{Fi). 
jeA j=i 

Let Ki G Div{Fi) be a canonical divisor of Fi/Fg and 

n 

Di := Qi + ^ ^ Pi,j G Div{Fi). 
t=i 
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By II Theorem 4.11] it is enough to show that the system of Riemann-Roch 
equations 


e{K,-X + P,^A + Qi) = 0 , 

^{dX-D, + P,^A + Q^) = 0 ( 16 ) 

has a solution Gi G Div{Fi) such that degGi = Si so that the AG-code 
C{G,,D)l C FJ- X is an (n, t^d^n — t) arithmetic secret sharing scheme 
for F^ over Fg with uniformity. We have the property that 

dl,^ :=2gi+ti + k-2 = deg{Ki + Pi^A + Qi) and 

^ 2,2 ■— TLi — deg( Dj^ -\- Pi^A “t” Qi)' 

Notice that Ai{Fi) = Bi{Fi) and | JFi[—1]| = 1- We set hi := h{Fi) for all i>l. 

We now apply Theorems [2] and [3| with mi = — 1, m 2 = d, and choose Si G Z so 

that 

ri^i := mi + di^i = 2gi — Si+ti + k — 2 = 1 and 
r 2 ,i := m 2 Si + d 2 ,i = dsi -rn+U = [figi\ > 1. 

This implies that if 


h, > 2ArM)\JF,m > Bi{F,) + ArM)\JFAd\\ (17) 


holds, then the system of equations (l9|) has a desired solution Gi G Div{Fi). To 
finish the proof, we need to verify Inequality dm. Taking log^ of both sides of 
(HZl) and dividing them by gi yield to 


log hi log 2 Ar^{FA log iJFjdjl 

—-— > —— + log„-h — - - 

gi 9i 9i gi 


(18) 


Since the sequence F = {Fi}i>o is exact, it follows from Proposition |3| and 
Theorem [7| that taking limit infimum of both sides of Inequality (ITS)) gives that 


h{F) = 


> 


lim 


lim 

i—^oo 


logg h, 

9i 

l^gg -^r2,i{Fi] 


+ lim inf 
2^00 


log iJFjdjl 


A(/r) + Jd{F). 


(19) 


We know from [24l Proposition 4.1] that the following inequality holds: 


A(/i) = lim inf 

i—^oo 


log Ar^ , 
52 


= ^,logq+Y, Analog 
> g log q. 


( 20 ) 


Now it follows from Theorem [3 and Assertion (ii) that Equation (flSl) holds, 
which implies that Inequality (TTTl) holds for sufficiently large i. □ 
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Remark 2. Suppose that q is a square. Then there are many function field 
towers T = over Fg with 


PiiiF) = A{T) = y/q — 1 and 



gi 


see for instance m- Moreover, we know from 1251 Corollary 2] that for any 
asymptotically exact sequence F = {Fi}i>o of function fields (which includes 
towers), the following equality holds: 





By Remark [2] and Theorem [8l we obtain: 

Proposition 4. Suppose that q is a square and d > 2 is a positive integer. Let 
further p, be given as in Condition (03). There exists a tower F = {Fji>o of 
function fields over Fg with ni,ki G N such that the following conditions hold: 


(l) qi + Jd{F) < ^ + (yg - 1) log (^) 


(ii) Bi{Fi) > Hi + ki for sufficiently large i. 

An immediate consequence of Proposition 0] is the following corollary whose 
proof follows from Remark 01 and is similar to that of Theorem [S] 

Corollary 1. Suppose that q is a square and d,ki,ni G N with d > 2. Then 
there exist ti G N depending on nt satisfying 1 < U < Ui, and an infinite family 
of {{ni,ti, d, Ui — ti)}i>o arithmetic secret sharing schemes for F^‘ over Fg with 
uniformity. 

Example 1. Let q = £^, where £ is a prime power. Consider the tower F = 
{Fi}i>o over Fg defined by the equation 


f(x,y)=y^x^ ^ 


+ y-x^ G Fq[x,y]. 


This tower is optimal JlOf . i.e. fiiiF) = £ — I and fifiF) = 0 for all i > 2. 
Thus, the value of ptQ defined in Condition m is 


1 


Mo = 


£+1 


Choose y = plq, d = 2. Bu ll (A Theorem 2.10] we have 



if i is even 
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Moreover, by Proposition 3.1], we have 

Bi{Fi) > {q - l)P P 21 for all i> A. 

For each i > A we choose ni,ki G N in such a way that Bi > Ui + ki. Then 
Proposition is satisfied by Theorem [IJ Therefore, the tower F can be used to 
construct an infinite family of {{ni,ti,d,ni — ti)}i>o arithmetic secret sharing 
schemes for over F p with uniformity. 

Example 2. Consider the example from |7J Proposition 5.20]. Let F = {-Fi}i>o 
be the tower over Fg defined by the polynomial 

f{X, Y) = Y^ + {X + bf-lG F9[X, E], & G F* (21) 

and Fq = Fg(a:o) be the rational function field. Let E = Fq(z) with z is a root 
of the polynomial 

q,{T) = (T2 + a^)(T9 - T) - — G Fo[T], 

Xo 

where a is a primitive element for Fg. Then the sequence £ = {Ei}i>Q, with 
Ei := EFi, over Fg is a composite quadratic tower such that for all i > 0, 


(i) Bi[Ei) >9-2* and B 2 {Ei) > 2\ 

(li) 

_ f 21.- 33 • 2(*-2)/2 + 6 ifi = D mod 2, 
“ |21- 2*-i - 11 • 2 (*+i )/2 + 6 ifi=l mod 2, 

where gi = g{Ei). 

(Hi) Pi{£) — P 2 i£) = ^ and Pj{£) = 0 for all j > 3. 


Thus, the value of pQ defined in Condition m is 



0 . 12 . 


Choose p = 0.5 > pq and for simplicity choose ki = 2,ti = 50 for all i = 
1, 2, 3,4. From the proof of Theorem]^ we obtain 


ri,i = 1, '^2,1 = 2, r2,2 = 7, r2,3 = 23, r2,4 = 54 

for all d = 2,3,4, 5. We now have the following table by using the relations 
given in the proof of Theorem [IJ' 

Si = 2gi + t + k — 3 and Ui = dsi Ft — r 2 ,i for i = 1,2, 3,4. 

Table 1: Some parameters of Example 2 
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d 

VI 

ni 

n2 

ns 

n4 

2 

0.8 

166 

201 

309 

525 

3 

0.8 

225 

280 

450 

791 

4 

0.8 

288 

363 

595 

1060 

5 

0.2 

343 

438 

732 

1321 


Notice that for d = 2,3,4, 5 and q = 9 we have 

Jd{£) < Vq + {y/q - 1) log (^-^) - M ~ 1-9. 


6 Conclusion 

In this work some bounds [1] on the construction of arithmetic secret sharing 
schemes are improved by using bounds on class number m- We here estimated 
the torsion limit of an important class of towers of function fields [5] depending 
on the Ihara limit. In the case d > 2, these new bounds can easily be adapted to 
improve several applications of torsion limits ranging from improving the com¬ 
munication complexity of zero knowledge protocols for multiplicative relations 
[8] and bilinear complexity of finite field multiplication to obtain new results on 
the asymptotics of frameproof codes. 
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